windows csrss.exe 进程有什么作用?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/639832/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
What does the csrss.exe process do?
提问by Dirk Vollmar
What is the purpose of the csrss.exe (Client/Server Runtime Server Subsystem) on Windows?
Windows 上的 csrss.exe(客户端/服务器运行时服务器子系统)的用途是什么?
Maybe someone could give a good explanation or pointers to documentation? Unfortunately Google results are pretty noisy when searching a core process of Windows.
也许有人可以给出一个很好的解释或指向文档的指针?不幸的是,在搜索 Windows 的核心进程时,Google 的结果非常嘈杂。
The reason I'm asking is that I got a BSOD from my service application which seems to be related to the csrss.exe process, at least this is what the analysis of the memory dump shows:
我问的原因是我从我的服务应用程序中得到了一个 BSOD,它似乎与 csrss.exe 进程有关,至少这是内存转储分析显示的内容:
PROCESS_OBJECT: 85eeeb70
IMAGE_NAME: csrss.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: csrss
FAULTING_MODULE: 00000000
PROCESS_NAME: PreviewService.
BUGCHECK_STR: 0xF4_PreviewService.
DEFAULT_BUCKET_ID: DRIVER_FAULT
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 80998221 to 80876b40
STACK_TEXT:
f5175d00 80998221 000000f4 00000003 85eeeb70 nt!KeBugCheckEx+0x1b
f5175d24 8095b1be 8095b1fa 85eeeb70 85eeecd4 nt!PspCatchCriticalBreak+0x75
f5175d54 8082350b 00000494 ffffffff 051bf114 nt!NtTerminateProcess+0x7a
f5175d54 7c8285ec 00000494 ffffffff 051bf114 nt!KiFastCallEntry+0xf8
051bf114 00000000 00000000 00000000 00000000 ntdll!KiFastSystemCallRet
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: 0xF4_PreviewService._IMAGE_csrss.exe
BUCKET_ID: 0xF4_PreviewService._IMAGE_csrss.exe
Followup: MachineOwner
EDIT: Thanks already for the good answers, but I actually don't need help concerning my service, I just would like to get some basic understanding of what the purpose of this service is.
编辑:已经谢谢你的好答案,但实际上我不需要关于我的服务的帮助,我只是想对这项服务的目的有一些基本的了解。
采纳答案by Michael
CSRSS hosts the server side of the Win32 subsystem. It is considered a system critical process, and if it is ever terminated you'll get a blue screen. More data is necessary, but you need to find out if some process is terminating csrss, or if it is crashing due to a bug.
CSRSS 承载 Win32 子系统的服务器端。它被认为是一个系统关键进程,如果它被终止,你会看到蓝屏。需要更多数据,但您需要查明某个进程是否正在终止 csrss,或者是否由于错误而崩溃。
Windows Internalsis a great book for stuff like this. Wikipediaalso has an article on CSRSS.
Windows Internals是一本关于此类内容的好书。 维基百科也有一篇关于 CSRSS 的文章。
回答by John Feminella
csrssis the user-mode portion of the Win32 subsystem -- the user-mode analog to the kernel-mode win32.sys. As for what's going on with your particular service, it's hard to say without some better hints about what your service is doing.
csrss是 Win32 子系统的用户模式部分——类似于内核模式 win32.sys 的用户模式。至于您的特定服务的情况,如果没有关于您的服务正在做什么的更好提示,很难说。
回答by Andrew Bainbridge
One thing it does is provide the default console window for console apps like cmd.exe. At least according to jdeBP:
它所做的一件事是为 cmd.exe 等控制台应用程序提供默认控制台窗口。至少根据jdeBP:
On Windows, how does console window ownership work?
It would appear that when a console app process is created without being passed handles to stdin, stdout and stderr, then some interprocess comms asks csrss to create a console window in a new thread and give its IO handles to the console process.
看起来,当创建控制台应用程序进程而未将句柄传递给 stdin、stdout 和 stderr 时,某些进程间通信会要求 csrss 在新线程中创建一个控制台窗口,并将其 IO 句柄提供给控制台进程。
回答by Josh Ross
It is related to the graphical system. However, right now there is an active trojan behind this name and it is causing many issues for people. I heard. It is mining crypto and since the exe process itself is common people have a difficult time to detect the main issue
它与图形系统有关。然而,现在这个名字背后有一个活跃的木马,它给人们带来了许多问题。我听说。它正在挖掘加密,并且由于 exe 进程本身是普通人很难检测到主要问题
